TheMoon Malware Rises Again with Malicious Botnet for Hire
Outdated SOHO routers and IoT devices being hijacked by TheMoon to operate an anonymous hacker botnet service called Faceless.
After disappearing for several years, TheMoon has returned with a botnet army around 40,000 strong, made up of hijacked small home and office (SOHO) devices and available for hire as a proxy service for cybercriminals looking to obscure their traffic origins.
The cybercrime botnet service, called Faceless, costs less than a dollar per day, according to the researchers at Lumen Technologies' Black Lotus Labs, who are warning about the return of TheMoon after the malware group disappeared in 2019, before reemerging back on the scene in 2023. By the beginning of 2024, TheMoon had amassed bots from across 88 countries to operate its Faceless service.
"We believe these cybercriminals [using Faceless] are using these networks to steal data and information from their victims, including the financial sector," Mark Dehus, senior director of threat intelligence at Lumen Black Lotus Labs, said in a statement. "TheMoon malware is a serious threat not only to the owners of the compromised SOHO devices, but also the victims exploited through this anonymous proxy network."
John Gallagher, vice president of Viakoo Labs at Viakoo, noted that the types of endpoints that TheMoon looks to bring to the dark side are somewhat sitting ducks.
"IoT devices are designed to be 'set it and forget it,' leading to their being favored by threat actors even if they are not end of life (they are likely to be unmanaged and not updated)," he said in an emailed statement. "This is a much bigger issue for enterprises than consumers. The operators of IoT devices are often cost centers, and there's an incentive to not replace equipment unless it isn’t functional anymore. Enterprises offer vast fleets of IoT devices for threat actors to leverage for DDoS and other attack vectors."
About the Author
You May Also Like
DevSecOps/AWS
Oct 17, 2024Social Engineering: New Tricks, New Threats, New Defenses
Oct 23, 202410 Emerging Vulnerabilities Every Enterprise Should Know
Oct 30, 2024Simplify Data Security with Automation
Oct 31, 2024Unleashing AI to Assess Cyber Security Risk
Nov 12, 2024